Copyright Ruling For Open Source: Good And Bad News?

The other week, the open source community enthusiastically welcomed a court ruling that set a strong precedent for open source licensing. Not everyone was enthusiastic, though. Among the cautionary dissenters is Michael P. Bennett, partner, Wildman Harrold (Chicago). To Michael, it's a two-edged sword that can harm as much as it can help.

Q: As I understand it, the case in question established that a copyright infringement case can be brought against someone who violates an open source license. Is your reading of it that anyone who feels they have a copyright infringement case against a given piece of OSS can create real problems for the authors of the software -- making this, in effect, a two-edged sword?

A: In some ways, open source software is like any other software. Authors of OSS must take care in how they create their software. In any dispute, there will be important facts that affect the rights of the parties. Was the copied code expressive? Was it functional? Was it distributed? Like anyone else, if an OSS author copies another author's work, the copier could be sued for infringement. The bottom line is that all authors, OSS authors included, must take care.

Linux Foundation: New Members, Certifications and Microsoft Entryism

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the addition of 22 Silver members and 4 Associate members. Linux Foundation members help support development of the shared technology resources, while accelerating their own innovation through open source leadership and participation. Linux Foundation member contributions help provide the infrastructure and resources that enable the world's largest open collaboration communities.

ETSI/GNU/Linux-based MANO

ETSI is pleased to announce the availability of OSM Release FOUR. Bringing a large set of new features and enhancements, this version is the most ambitious and innovative OSM Release to date and constitutes a huge leap forward in terms of functionality, user experience and maturity.
This new Release brings substantial progress thanks to a number of architectural improvements, which result in a more efficient behaviour and much leaner footprint – up to 75% less RAM consumption. Additionally, its new northbound interface, aligned with ETSI NFV work, and the brand-new cloud-native setup, facilitate OSM’s installation and operation, while making OSM more open and simpler to integrate with pluggable modules and external systems, such as the existing OSS.

In monitoring, ETSI says OSM Release FOUR's alarm and metric settings are easier to use, and a new policy manager adds push notifications and reactive policy configuration, which the standards body says “opens the door to closed-loop operations”.
The monitoring module uses Apache Kafka as its message passing bus, and the module also implements a flexible plugin model so sysadmins can BYO monitoring environment.

Programming: GitLab, Security, Power and Jakarta EE

GitLab 10.8 was released this week with the open sourcing of a highly requested feature. The company announced its push mirroring capability is now open sourced.
Push mirroring was originally introduced as a paid feature, but GitLab says it is one of the most frequently requested to be moved into the open-source codebase.
This move will add a few new use cases for GitLab Core users, such as freelance developers being able to mirror client repos and users migrating to GitLab being able to use push mirroring to ease the migration path.

Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
There's always been a troublesome rift between enterprise security teams and software developers. While the friction is understandable, it's also a shame, because the chasm between these teams makes it all the more challenging to build quality applications that are both great to use and safe.

Can energy usage data tell us anything about the quality of our programming languages?
Last year a team of six researchers in Portugal from three different universities decided to investigate this question, ultimately releasing a paper titled “Energy Efficiency Across Programming Languages.” They ran the solutions to 10 programming problems written in 27 different languages, while carefully monitoring how much electricity each one used — as well as its speed and memory usage.

The title of this post may seem strange, but if you look a bit into Java EE's recent history, it will make sense.
Originally, Sun started and ran Java Enterprise Edition, and later Oracle took over after it acquired Sun. Specifications were driven by a Sun/Oracle-governed process. At more or less regular intervals, they made a new version of the specification available, which was implemented by the server vendors. Those vendors had to license the technology compatibility kits (TCKs) and brand from Oracle.
Let's fast-forward a bit. In 2013, Java EE 7 was released, and Oracle began work on EE8, but it did not progress quickly. Meanwhile, new technologies like Docker and Kubernetes came along and changed the way applications run. Instead of running a single fat server process on a big machine, the software is now split into smaller, independent services that run in a (usually) Docker container orchestrated by Kubernetes.

Debian and Derivatives

More demos of vnlog and feedgnuplot usage! This is pretty pointless, but should be a decent demo of the tools at least. This is a demo, not documentation; so for usage details consult the normal docs.
Each Wednesday night I join a group bike ride. This is an organized affair, and each week an email precedes the ride, very roughly describing the route. The two organizers alternate leading the ride each week, and consequently the emails alternate also. I was getting the feeling that some of the announcements show up in my mailbox more punctually than others, and after a recent 20-minutes-before-the-ride email, I decided this just had to be quantified.
The emails all go to a google-group email. The google-groups people are a wheel-reinventing bunch, so talking to the archive can't be done with normal tools (NNTP? mbox files? No?). A brief search revealed somebody's home-grown tool to programmatically grab the archive:

To whom it may concern, this is my report over the first few weeks of gsoc under the umbrella of the Debian project. I’m writing this on my way back from the minidebconf in Hamburg, which was a nice experience, maybe there will be another post about that ;)
So, the goal of my GSOC project is to design and implement a new SSO solution for Debian. But that only touches one part of the project's deliveries. As you can read in the description Alexander Wirth originally posted in the Debian Wiki, the project consists of two parts, where the first one is the design and coding of a new backend and self-service interface for Debian guest users (this includes the accounts of Debian Maintainers).

Compared to its previous releases, Debian-based Parrot 4.0 ethical hacking distro has arrived with a lot more changes. The development team has called it an important milestone in the history of the project.

Openwashing and 'Open' Beer

The Kaspersky Labs report issued on May 10th, 2018 has garnered a lot of media attention based on its claim of having identified 17 security issues in some OPC UA implementations. A detailed description of the 17 issues can be found at https://opcfoundation.org/security/.

In a recent blog post, Intel and Wind River have announced their intent to make open source some of the components from the Wind River Titanium Cloud portfolio. The code is now being upstreamed in a new open source project called StarlingX, hosted by the OpenStack Foundation.
Wind River Titanium Cloud was built on open source components, which are then extended and targeted to be hardened to address critical infrastructure requirements: high availability, fault management, and performance management needed for continuous 24/7 operation. Wind River Titanium Cloud also includes the low latency, high performance, scalability, and security needed for edge and IoT workloads.

Mozilla is seriously into open-source. So seriously, in fact, that the developer doesn’t just want to see it restricted to software. In its eyes, just about anything can go open-source. Even beer.
To prove it, Mozilla teamed up with Widmer Brothers, a brewery based in Portland, Oregon. The companies crafted a survey for community input on the style, hops, and any special additions drinkers might want to see. Responses were tabulated, weighed, and turned into a recipe by the brewers at Widmer.

Back End: Cask, Kubernetes, OpenStack

Last week Cask Data, known for its open source Cask Data Application Platform (CDAP), announced that it's being acquired by Google -- specifically Google's cloud division.
"We are thrilled to announce that Cask Data, Inc. will be joining Google Cloud!" the company's founders, Jonathan Gray and Nitin Motgi, said in its online announcement of the purchase.

"With Kubernetes-as-a-Service, we are providing the industry’s simplest Kubernetes consumption model by delivering it fully configured, tested and validated at enterprise scale with the managed cluster services customers need to effectively run their applications," Scott Crenshaw, executive vice president of private clouds at Rackspace, stated.
"Rackspace’s combination of operational experience and open source expertise, coupled with the security, improved economics and a fully managed Kubernetes offering available on leading public and private cloud technologies, helps companies accelerate their digital transformation," Crenshaw continued.

The OpenStack Foundation is no longer interested in only its own cloud platform, but also in enabling the broader ecosystem of open infrastructure.
In a session at the OpenStack Summit, Thierry Carrez, VP of Engineering at the OpenStack Foundation, outlined the steps the foundation is taking to create what he referred to as a better-defined OpenStack. The key theme of the redefinition is that OpenStack is no longer just about the OpenStack cloud platform project.

The OpenStack Foundation announced on May 22 the Kata Containers 1.0 release, which is designed to bolster container security.
The Kata Containers project provides a virtualization isolation layer to help run multi-tenant container deployments in a more secure manner than running containers natively on bare-metal. The effort provides a micro-virtual machine (VM) layer that can run container workloads.